Prompt Injection Vulnerability in GitHub Actions AI Agents Exposes Secrets

Prompt Injection Vulnerability in GitHub Actions AI Agents Exposes Secrets

First seen 15 Apr 2026, 08:28 UTC Theregisteroddguan.comdocs.github.comCybernewswww.theregister.com+6 83% similarity 66.6

Article Content

Browse articles
ThreatCluster

Security researchers discovered a critical vulnerability in three AI agents integrated with GitHub Actions: Anthropic's Claude Code Security Review, Google's Gemini CLI Action, and Microsoft's GitHub Copilot. The vulnerability allows attackers to perform prompt injection attacks, enabling them to steal API keys and access tokens from the host repository. The attack method involves crafting malicious pull request titles or issue bodies that the AI agents process without proper sanitization. Researchers received bug bounties for their findings but noted that the vendors did not disclose the vulnerabilities or assign CVEs, leaving users unaware of their exposure. The CVSS score for the vulnerability is 9.4, indicating a critical risk. The potential impact extends to any GitHub Actions that allow access to sensitive tools and secrets. The researchers warned that similar vulnerabilities could exist in other AI agents integrated with GitHub Actions.

Key Points: • Three AI agents in GitHub Actions are vulnerable to prompt injection attacks. • Attackers can steal sensitive API keys and access tokens using crafted pull request titles. • Vendors did not disclose vulnerabilities or assign CVEs, leaving users at risk.

ThreatCluster AI

Timeline

2026-04-15
Research findings published on prompt injection vulnerabilities
2026-04-15
Bug bounties awarded by Anthropic, Google, and Microsoft
Date unknown
No public advisories or CVEs issued by vendors

Community

Browse all →